$100 Million Google and Facebook Spear Phishing Scam

The biggest social engineering attack of all time (as far as we know) was perpetrated by Lithuanian national Evaldas Rimasauskas against two of the world’s biggest companies: Google and Facebook.

Rimasauskas and his team set up a fake company, pretending to be a computer manufacturer that worked with Google and Facebook. Rimasauskas also set up bank accounts in the company’s name.

The scammers then sent phishing emails to specific Google and Facebook employees, invoicing them for goods and services that the manufacturer had genuinely provided, but directing them to deposit the money into the scammers’ fraudulent accounts.

Between 20, Rimasauskas and his associates cheated the two tech giants out of over $100 million.

Persuasive email phishing attack imitates US Department of Labor

In January 2022, Bleeping Computer described a sophisticated phishing attack designed to steal Office 365 credentials in which the attackers imitated the US Department of Labor (DoL). The scam is a noteworthy example of how convincing phishing attempts are becoming.

The attack used two methods to impersonate the DoL’s email address: spoofing the actual DoL email domain and buying up look-alike domains, including “dol-govcom” and “dol-govus”. Using these domains, the phishing emails sailed through the target organizations’ security gateways.

The emails used official DoL branding, were professionally written, and invited recipients to bid on a government project. The supposed bidding instructions were included in a three-page PDF with a “Bid Now” button embedded.

On clicking the link, targets were redirected to a phishing site that looked identical to the actual DoL site, hosted at a URL such as bid-dolgovus. The fake bidding site instructed users to enter their Office 365 credentials. The site even displayed an “error” message after the first input, ensuring the target would enter their credentials twice and thus reducing the possibility of mistyped credentials.

It’s easy to see how even a relatively scrupulous employee could fall for an attack like this, but the problem would not have arisen if the target organization had better email security measures in place.

Russian hacking group targets Ukraine with spear phishing

As world leaders debate the best response to the increasingly tense situation between Russia and Ukraine, Microsoft warned in February 2022 of a new spear phishing campaign by a Russian hacking group targeting Ukrainian government agencies and NGOs.

The group, known as Gamaredon and tracked by Microsoft as ACTINIUM, has allegedly been targeting “organizations critical to emergency response and ensuring the security of Ukrainian territory” since 2021.

The initial phase of Gamaredon’s attack relies on spear phishing emails containing malware. The emails also contain a tracking pixel that informs the cybercriminals whether the email has been opened.

The case is an important reminder of how cybersecurity plays an increasingly central role in international conflicts, and how all organizations should be taking steps to improve their security posture and protect against social engineering attacks.

Microsoft 365 phishing scam steals user credentials

In April 2021, security researchers discovered a Business Email Compromise (BEC) scam that tricks the recipient into installing malicious code on their device. Here’s how the attack works, and it’s actually pretty clever.

The target receives a blank email with a subject line about a “price revision.” The email contains an attachment that looks like an Excel spreadsheet file (.xlsx). However, the “spreadsheet” is actually a .html file. When it is opened, the target is directed to a website containing malicious code.

The code triggers a pop-up notification, telling the user they’ve been logged out of Microsoft 365, and inviting them to re-enter their login credentials. You can guess what happens next: the fraudulent web form sends the user’s credentials off to the cybercriminals running the scam.

This type of phishing, which relies on human error combined with weak defenses, has thrived during the pandemic. Phishing rates doubled in 2020, according to the latest FBI data.

Singapore bank phishing saga like ‘fighting a war’

Customers of the Oversea-Chinese Banking Corporation (OCBC) were hit by a string of phishing attacks and malicious transactions in 2021, leading to around $8.5 million of losses across approximately 470 customers.
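As an added example (not code from the original post), here is a small Python triage routine implementing two defensive checks drawn from the cases above: flagging sender domains that imitate a legitimate one (the DoL look-alike domains) and flagging an attachment whose bytes do not match its claimed .xlsx extension (the HTML “spreadsheet” in the Microsoft 365 scam). The domain strings and attachment bytes are constructed samples, and dol.gov is assumed as the legitimate DoL mail domain.

```python
import re
from typing import Dict, List, Optional

# dol.gov is assumed here as the legitimate domain the DoL look-alikes imitated.
LEGIT_DOMAINS = {"dol.gov"}
# A genuine .xlsx is a ZIP container; the BEC scam's "spreadsheet" was an HTML file.
ZIP_MAGIC = b"PK\x03\x04"
HTML_START = re.compile(rb"^\s*<(?:!doctype|html|script|meta|body)", re.IGNORECASE)


def squash(domain: str) -> str:
    """Drop separators: 'dol.gov', 'dol-gov.com', 'bid-dolgov.us' all give 'dolgov'."""
    return re.sub(r"[^a-z0-9]", "", domain.lower())


def lookalike_of(sender_domain: str) -> Optional[str]:
    """Return the legitimate domain that sender_domain imitates, or None.
    The real domain and its subdomains are never look-alikes: direct spoofing
    of them is a job for SPF/DKIM/DMARC alignment, not string comparison."""
    sender_domain = sender_domain.lower().rstrip(".")
    for legit in LEGIT_DOMAINS:
        if sender_domain == legit or sender_domain.endswith("." + legit):
            return None
    squashed = squash(sender_domain)
    for legit in LEGIT_DOMAINS:
        if squash(legit) in squashed:  # 'dolgov' inside 'dolgovcom' or 'biddolgovus'
            return legit
    return None


def attachment_mismatch(filename: str, content: bytes) -> Optional[str]:
    """Flag an attachment whose leading bytes disagree with its .xlsx extension."""
    if not filename.lower().endswith(".xlsx") or content.startswith(ZIP_MAGIC):
        return None
    if HTML_START.match(content):
        return "HTML file disguised as .xlsx"
    return "not a ZIP-based Office file"


def triage(sender: str, attachments: Dict[str, bytes]) -> List[str]:
    """Run both checks over one message and return the findings."""
    findings = []
    domain = sender.rsplit("@", 1)[-1]
    legit = lookalike_of(domain)
    if legit:
        findings.append(f"sender domain {domain} imitates {legit}")
    for name, data in attachments.items():
        reason = attachment_mismatch(name, data)
        if reason:
            findings.append(f"attachment {name}: {reason}")
    return findings
```

Run `triage("bids@dol-gov.com", {"price revision.xlsx": b"<!DOCTYPE html>"})` to see both findings; a message from the real domain with a genuine ZIP-based .xlsx produces an empty list.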